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Abstract 

Cyberspace  is  a  domain  shared  by  the  entire  world.  The  features  which  distinguish 
cyberspace  from  the  traditional  domains  of  air,  land,  sea,  and  space  also  raise  legal  questions 
about  jurisdiction  and  attribution  of  offenses.  This  paper  reviews  some  of  the  key  distinguishing 
features  of  cyberspace  and  assesses  the  relevance  of  posse  comitatus  within  the  domain.  It 
proposes  invocation  of  the  Insurrection  Act  of  1807  as  legislation  more  compatible  with  the 
properties  of  cyberspace  and  offers  potential  applications. 
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In  the  spring  of  2007,  the  nation  of  Estonia  suffered  a  significant  cyber  attack.1  The 
effects  were  felt  on  government  command  and  control,  the  minds  of  the  people,  and  stopped  just 
short  of  shutting  down  economic  markets.-  Though  never  admitted,  all  indications  point  to  a 
coordinated  attack  from  Russia  as  the  cause.  There  was  no  prior  indication  of  a  pending  attack. 
The  swift  attack  on  command  and  control,  breaking  the  ties  between  the  government  and  its 
military  forces  and  people,  hindered  response  and  destabilized  a  population  that  felt  insecure4. 

To  date  there  is  still  legal  and  technical  “murkiness”  in  holding  a  nation,  organization,  or 
individual  ultimately  responsible  for  an  attack  in  cyberspace.5  Cyberspace  is  not  just  a  domain 
shared  among  all  warfighting  services;  it  is  also  a  domain  shared  with  individual  citizens, 
business,  the  whole  of  government,  and  the  world.6  Tasks  ranging  from  grade  school  book 
report  turn-ins  to  public  utility  controls  orders,  and  from  stock  purchases  to  military  command 
and  control  orders  transit  many  of  the  same,  generally  commercially-owned,  routers,  switches, 
computers,  and  wires,  each  with  the  goal  of  passing  information  from  one  location  to  another. 
According  to  the  National  Military  Strategy  for  Cyberspace  Operations,  “operations  in 
cyberspace  are  a  critical  aspect  of  our  military  operations  around  the  globe.”7  The  Estonia 
example  shows  how  fragile  both  military  response  and  population  security  are  with  an  unknown 
enemy  staging  from  an  unknown  location  in  light  of  the  new  cyber  reality.  It  provides  an 
opportunity  and  backdrop  for  reviewing  the  rules  of  borders  and  jurisdiction  as  it  relates  to 
cyberspace.  Though  the  Estonian  example  allegedly  implicates  the  Russians,  in  light  of  the  new 
realities  of  our  interconnected  world,  this  paper  presents  an  argument  for  a  waiver  of  posse 
comitatus  as  a  rule,  rather  than  an  exception,  in  the  murkiness  of  cyberspace. 

In  order  to  effectively  address  this  phenomenon,  one  must  understand  cyberspace.  The 
definition  of  “cyberspace”  itself  is  often  contentious,  however  two  sources  provide  adequate 
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understanding  of  the  depth  and  breadth  of  the  issue.  The  Department  of  Defense  defines 
“cyberspace”  as  “a  global  domain  within  the  infonnation  environment  consisting  of  the 
interdependent  network  of  infonnation  technology  infrastructures,  including  the  Internet, 
telecommunications  networks,  computer  systems,  and  embedded  processors  and  controllers.”9 
This  definition  relates  both  the  global  aspect  of  the  domain  and  introduces  the  concept  of 
information  as  an  environment.  One  can  assume,  and  the  Estonian  example  supports,  that  the 
information  environment  may  be  peaceful  or  contentious.  The  second  telling  definition  comes 
from  a  2001  Congressional  Research  Service  Report  for  Congress:  “the  total  interconnectedness 
of  human  beings  through  computers  and  telecommunication  without  regard  to  physical 
geography.”10  This  definition  highlights  the  lack  of  reliance  on  physical  geography  for 
cyberspace.  In  cyberspace,  infonnation  travels  physical  connections  around  the  world  without 
regard  to  territorial  borders  and  jurisdiction. 

Other  features  of  cyberspace  further  distinguish  it  from  the  traditional  domains  of  land, 
sea,  air,  and  space.  Features  of  interest  to  a  discussion  of  national  defense  include  speed, 
attribution,  low  entry  cost  for  relative  effect,  and  public  and  private  sector  interrelatedness,  each 
a  benefit  to  a  potential  adversary. 1 1  Speed  is  apparent  to  anyone  who  has  sent  an  email,  accessed 
an  Internet  web  page,  or  participated  in  a  video  telecommunication  session.  Data  often  travels  at 
the  speed  of  light  in  cyberspace.  Adversaries  attempt  to  exploit  speed  in  all  domains  during 
wartime,  but  the  speed-of-light  capability  of  cyberspace  provides  an  environment  tailor-made  for 
an  intrusion  of  any  sort.  Experts  in  cyberspace  can  manipulate  data  and  routing  to  hide  their 
identity  and  location.  The  non-attributable  aspect  of  cyberspace  offers  a  lush  environment  for 
an  adversary  to  map  networks,  conduct  espionage,  and  even  modify  data  within  US  networks 
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with  little  risk  of  retaliation.  Additionally,  for  the  relatively  low  cost  of  a  computer  and  an 
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Internet  connection,  a  skilled  adversary  in  cyberspace  could  conduct  any  and  all  their 
operations.14  While  increasing  the  scale  of  an  adversary’s  cyberspace  operation  would  create  a 
larger  threat,  the  low  cost  of  entry  into  cyberspace  combined  with  a  capacity  for  non-attribution 
allows  for  threats  to  scale  out  as  well  (i.e.,  individuals,  organizations,  and  countries  that  would 
otherwise  not  attempt  intrusion  or  espionage  against  the  US  government  may  take  the 
opportunity).  Finally,  the  matter  of  information  ownership  must  be  addressed.  While  the  US 
military  often  shares  roads,  ports,  and  airfields  with  commercial  and  civilian  traffic,  military 
installations  are  traditionally  self-contained  safe-haven  environments  for  military-only 
operations.  In  most  instances,  a  military  installation  commander,  acting  on  behalf  of  the  federal 
government,  has  some  level  of  jurisdiction  or  authority  to  legislate  and  enforce  laws  on  that 
installation.16  Though  military  networks  often  contain  boundaries  to  block  certain  traffic  from 
entering  the  networks  within  an  installation’s  geographic  area,  the  essence  of  the  cyberspace 
domain  is  information.16  Informational  traffic  necessarily  passes  across  the  same  wires  and 
hardware  as  civilian  data  almost  exclusively  on  privately-owned,  government-leased  lines  cross- 
country.  In  short,  the  military  network  and  information  paths  cannot  be  completely  physically 
separated  from  the  private  sector  network.  The  lack  of  international  law,  potential  speed  of 
attack,  capacity  for  non-attribution,  breadth  and  depth  of  adversaries,  and  lack  of  clearly  defined 
national  borders,  much  less  civilian  versus  military  infonnation,  in  cyberspace  helps  to  explain 
the  problems  faced  in  defending  and  legislating  cyberspace. 

Despite  the  scare  to  Estonia  and  later  exemplified  in  a  similar  Georgian  event,  there  is 
“no  universally  legally  binding  instrument  that  would  address  cyber  attacks  as  threats  to  national 
security.”  However,  the  attacks  in  Estonia  and  Georgia  clearly  threatened  security  and  peace- 
of-mind  in  those  sovereign  nations.  The  US  has  addressed  the  problem  internally  by  assigning 
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the  Department  of  Homeland  Security  as  the  caretakers  of  cyberspace  within  the  US  for  domestic 
issues  and  assigning  the  Department  of  Defense  as  caretakers  of  cyberspace  for  military 
networks.19  As  described  above,  the  delineations  of  what  is  of  military  interest  and  what  is  of 
Homeland  Security  interest  are  hidden  in  the  confusion  of  cyberspace  “borders.”  Posse 
comitatus,  by  law  and  for  lack  of  a  better  system,  creates  a  guideline. 

Posse  comitatus,  Title  18,  Section  1385  of  the  US  Code  reads,  “whoever,  except  in  cases 
and  under  circumstances  expressly  authorized  by  the  Constitution  or  Act  of  Congress,  willfully 
uses  any  part  of  the  Army  or  the  Air  Force  as  posse  comitatus  or  otherwise  to  execute  the  laws 
shall  be  fined  under  this  title  or  imprisoned  not  more  than  two  years,  or  both.”"  In  short,  the 
military  may  not  conduct  law  enforcement  operations.  The  translation  of  the  law  to  cyberspace 
requires  that  whenever  an  intrusion  on  a  military  network  is  tracked  back  to  a  computer  located 
within  the  United  States,  the  military  must  stop  its  efforts  and  turn  the  information  over  to 
Department  of  Homeland  Security  (or  other  agency)  personnel  for  further  tracking  and  law 
enforcement  actions.21  This  seems  a  simple  and  fair  solution. 

Within  cyberspace,  however,  evidence  of  traveling  through  a  geographic  site  does  not 
mean  that  it  originated  from  that  site.  The  attack  aimed  at  Estonia,  for  instance,  is  known  as  a 
distributed  denial  of  service  attack  (DDoS)."“  Malicious  code,  developed  allegedly  in  Russia, 
was  released  to  the  Internet,  spread  around  the  world  through  cyberspace,  and  affected 
computers  without  their  owners  knowing.  On  demand,  the  “slave”  computers  sitting  on  desks 
around  the  world  sent  continuous  communication  requests  to  the  targeted  computers  within 
Estonia,  overwhelming  their  ability  to  respond.24  Most  owners  of  “slave”  computers  were  likely 
unaware  of  their  computer’s  role  and  the  individuals  themselves  were  also  not  complied  in  the 
act.  The  problem,  however,  was  very  real  to  Estonia  and  was  one  to  which  they  had  to  react.  One 
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year  later,  when  networks  in  Georgia  were  affected,  the  event  preceded  a  Russian  military  assault 
on  Georgia."  If  such  an  event  hit  US  military  bases  and  the  military  tracked  intrusion  attempts 
and  attacks  to  computers  within  the  US,  the  military  could  take  no  action  except  attempt  to  block 
the  offending  computers  and  pass  the  infonnation  along  to  law  enforcement."  Meanwhile,  the 
attacks  would  continue  and  the  US  would  get  no  closer  to  detennining  attribution. 

United  States  Code  offers  a  potential  solution  contained  in  the  Insurrection  Act  in  Title 
10,  Section  332  of  US  Code.27  Initially  established  in  1807,  the  Insurrection  Act  allows  the 
President  to  mobilize  the  armed  forces  within  the  US  when  “unlawful  obstructions, 
combinations,  or  assemblages,  or  rebellion  against  the  authority  of  the  United  States,  make  it 
impracticable  to  enforce  the  laws  of  the  United  States  in  any  State  by  the  ordinary  course  of 
judicial  proceedings”. .  .’’to  enforce  those  laws  or  to  suppress  the  rebellion.”  Actors  in 
cyberspace  are  neither  measured  by  their  geographic  location  nor  by  positive  identification 
raising  both  jurisdiction  and  attribution  issues  in  the  law.  Furthermore,  an  intrusion  or  attack 
initiating  outside  the  US  is  subject  to  no  internationally  recognized  law  today."  A  distributed 
denial  of  service  attack  affecting  a  military  installation  likely  offers  no  chance  at  legal  resolution, 
no  infonnation  about  who  was  trying  to  attack,  and  potentially  no  lessons  learned  to  combat  the 
next  attack.  Thus,  if  the  attack  sufficiently  degrades  capabilities,  the  President  could  deem  the 
attack  “unlawful”  or  a  “rebellion”  allowing  for  the  initiation  of  the  Insunection  Act  and  further 
allowing  the  military  to  take  necessary  actions  to  put  down  the  insurrection.  However,  the  speed- 
of-light  quickness  associated  with  cyberspace  and  pure  mass  of  intrusion  attempts  against  US 
government  computer  networks  suggests  that  Presidential  approval  would  not  be  granted  in  a 
timely  or  consistent  manner. 
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While  subject  to  posse  comitatus  for  network  intrusion,  the  quality  of  the  investigation 
relies  on  urgency  and  skills  of  the  Department  of  Homeland  Security  or  delegated  local  law 
enforcement  and  proper  communication  of  the  intrusion  received  from  the  Department  of 
Defense.  In  the  best  of  circumstances,  an  investigation  is  neither  quick  nor  sufficient  to  provide 
lessons  learned.  At  worst,  military  network  investigations  may  be  prioritized  behind  other 
departments’  networks,  public  utilities,  and  economic  and  transportation  system  intrusions  and 
the  only  success  that  may  be  claimed  is  persistence  and  survival  through  a  network  attack. 

A  military  network  active  defense  able  to  track  intruders  back  to  their  origination  in  spite 
of  their  path,  however,  could  make  the  networks  drastically  better/  Given  rights  modeled  on  the 
Insurrection  Act  of  1807,  the  military  could  both  clear  US  civilians  who  were  not  complied  in  an 
intrusion  without  a  Homeland  Security  investigation,  and  track  an  intruder  back  to  his  originating 
source.  The  investigation  could  identify  vulnerabilities  in  networked  systems  which  could  be 
turned  into  lessons  learned  and  lead  to  better  protected  network  technologies  or  training  in  the 
future.  The  investigation  could  also  identify  who  wanted  to  intrude  in  US  networks  and 
potentially  uncover  reasons  why  resulting  in  valuable  military  intelligence. 

Thomas  Wingfield  and  James  Michael  have  identified  three  legal  prisms  through  which 
to  view  computer  network  intrusions:  law  enforcement,  intelligence  collection,  or  military 
operations.  Furthermore,  they  wrote  that  any  given  intrusion  may  have  components  of  any  two 

TO 

or  all  three  aspects  of  law.  The  dilemma,  as  spelled  out  by  Major  Bonnie  Adkins,  is  in  quickly 
discerning  the  type  of  attack  and  taking  appropriate  response.  Given  the  limitations  of  speed, 
anonymity,  and  jurisdictional  confusion,  legal  action  seems  inappropriate  as  the  initial  response 
for  at  least  some  coordinated  cyberspace  attacks,  such  as  those  targeted  at  Estonia  and  Georgia. 
Rather,  the  US  government,  recognizing  the  criticality  of  the  threat  against  national  systems, 
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should  allow  its  fighting  force  the  ability  to  track  and  identify  their  attackers,  regardless  of  the 
path  the  attackers  chose.  In  the  initial  moments  of  a  cyberspace  intrusion,  there  is  not  time  to 
haggle  over  jurisdiction.  In  the  immediate  moments  thereafter,  there  is  not  time  to  investigate  a 
criminal  allegation  against  an  American  citizen  while  the  adversary  hides  behind  a  slave  machine 
in  a  path  that  invokes  posse  comitatus.  Cyberspace  intrusion  attempts  against  the  US  military 
need  to  be  defended  and  tracked  to  their  source  by  US  military  as  they  are  happening.  The 
actions  of  the  military  would  include  a  planned  series  of  responses  such  as  an  immediate  block  of 
the  far-end  computer  from  the  military  network  it  is  trying  to  connect  to,  tracking  and 
localization  through  any  slave  machines  back  to  the  originating  host,  and  placing  a  virtual  tag  on 
any  US  system  for  Department  of  Homeland  Security  to  follow-up  for  potential  legal  action. 

Most  importantly,  the  military  would  take  action  immediately  to  give  US  forces  the  best 
opportunity  to  survive  a  cyberspace  attack  and  retaliate,  if  ordered. 

The  United  States  government  has  never  been  1)  so  reliant  on  a  single,  specific 
technology  for  its  everyday  and  warfighting  posture,  2)  so  reliant  on  the  private  sector  for  its 
everyday  and  warfighting  posture,  and,  perhaps  most  importantly  to  this  argument,  3)  so  closely 
held  at  risk  by  its  international  enemies,  as  the  military  is  within  the  cyberspace  domain34. 
Additionally,  never  has  a  weapon  with  such  great  risk  to  United  States  forces  been  so  easily 
accessible  and  ubiquitous  as  the  tools  of  cyberspace  warriors.  Enemy  troops  massing  on  borders, 
enemy  ships  and  submarines  setting  sail,  and  enemy  airplanes  scrambling  provide  clear  warning 
of  aggression  in  traditional  domains.  Cyberspace  does  not  necessarily  provide  such  clear 
warning;  an  enemy  that  has  previously  mapped  a  network  within  the  United  States  likely  needs 
only  a  few  keystrokes  to  affect  their  target.  Geographic  location  of  the  adversary  is 
inconsequential  to  their  capabilities;  a  home-grown  team  of  hackers  my  affect  military  operations 
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by  hacking  utilities,  plans  carried  on  unclassified  networks,  or  telephone  systems,  for  instance, 
just  as  easily  as  individuals  residing  outside  the  country.  Reliance  on  commercial  entities,  the 
borderless  reality  of  the  domain,  and  the  global  reach  and  speed  of  an  enemy  in  cyberspace 
requires  the  United  States  to  review  its  laws  regarding  posse  comitatus  as  it  relates  to  cyberspace. 
The  United  States  military  must  be  allowed  to  function  without  threat  from  inside  its  geographic 
borders  or  from  the  outside. 
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